Apache Server-status Permission Denied
Hey all,
I’m having a slightly weird issue with apache server-status on just one of my nodes.
In my httpd.conf I have the following:
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1 10.10.160
If I do a ps grep I know that I’m using the right config:
[root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5
root 28359 1 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28360 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28361 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28362 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28363 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
And if I check apachectl -S things look ok there too. I can also see I’m using the right config:
[root@webhosta apache2]# /opt/apache2/bin/httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:* is a NameVirtualHost
default server test.mydomain.com
(/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost test.mydomain.com
(/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost webhosta.dmz.domain.com
(/opt/apache2/conf/httpd.conf:469)
port * namevhost webhosta.dmz.domain.com
(/opt/apache2/conf/httpd.conf:480)
port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501)
Syntax OK
Yet, for some reason I get permission denied when I try to do a get from localhost:
[root@webhosta apache2]# GET http://$(hostname -i)/server-status
Forbidden
You don’t have permission to access /server-status
on this server.
Apache Server at 10.10.1.160 Port 80
I can do a successful GET to 127.0.0.1, but our system is automated and relies on doing a GET to the value of hostname -i.
Does anyone have any ideas or suggestions as to what could be wrong?
Thanks
Tim
7 thoughts on - Apache Server-status Permission Denied
10.10.160 != 10.10.1.160
the GET is probably going across ethx interface instead of lo interface.
Ok lets’ try this again. I set the following in httpd.conf:
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1 10.10.1.160
I bounce apache.
I verify the IP information is correct:
[root@webhosta apache2]# ifconfig | grep inet
inet addr:10.10.1.160 Bcast:10.10.1.255 Mask:255.255.254.0
inet addr:127.0.0.1 Mask:255.0.0.0
Then if I try a GET on that IP using hostname -i
[root@webhosta apache2]# GET http://$(hostname -i)/server-status
Forbidden
You don’t have permission to access /server-status on this server.
Apache Server at 10.10.1.160 Port 80
OR if I try a GET with the actual IP, I get the following:
[root@webhosta apache2]# GET http://10.10.1.160/server-status
Forbidden
You don’t have permission to access /server-status on this server.
Apache Server at 10.10.1.160 Port 80
Any further thoughts?
Thanks
does /etc/hosts (or DNS or reverse DNS) differ between working server and non-working server?
Hi Steven,
Thanks for your reply.
No there appears to be no difference there either. And I don’t think reverse dns is setup on either host.
Tim
Hi Tim.
The only time I’ve seen such an error was when the user the web server is running as doesn’t have permission to access the file system directory – in your case, /server-status. Maybe this particular instance has a different user set up for the Apache process?
Cheers, ak.
Am 10.06.2014 um 04:44 schrieb Tim Dunphy:
for testing – what about disabling temporarily the access restriction?
I was corrected by a well known troll that /server-status is not in the file system – :-( !
Please excuse my jabber…